How to work from behind proxies ? (with patch providing a partial solution)

John Arbash Meinel john at arbash-meinel.com
Thu Jul 27 16:17:59 BST 2006 

Vincent LADEUIL wrote:
>>>>>> "jam" == John Arbash Meinel <john at arbash-meinel.com> writes:

...

>     jam> Like the other post said, you can multiplex 443 because
>     jam> of differences between SSH and HTTPS.  And if your proxy
>     jam> did check for an ssl handshake, you can still do
>     jam> whatever you want after establishing an SSL
>     jam> connection. Since it is an encrypted pipe.  But that
>     jam> would require something custom on the client end as
>     jam> well.  Multiplexing on 443 just means you need to tell
>     jam> bzr to use 'sftp://host:443'.
> 
> 
> Does that  confirm that sftp  is the only protocol  allowing 'bzr
> push' yet ?

We support it over ftp, but you said you can't ftp through a proxy with
python's ftplib implementation.

And obviously if you have a local share of some type (NFS,samba, etc)

But no, we don't support push over http (webdav) yet.

> 
> And  as you didn't  answer to  the other  points in  the original
> mail, does that mean that you consider using pycurl from behind a
> restricted firewall  not worth  the effort ?  Or is it  just that
> sftp is better considering my encryption requirement ?

I think pulling over pycurl and https is very good. And I think we
should handle proxies for pycurl. But from other comments, it already
works. It just doesn't work with password support.

> 
>     jam> You can also look at this page:
>     jam> http://dag.wieers.com/howto/ssh-http-tunneling/
> 
> That looks  promising (I still need  to make H a  FQDN host (only
> static IP for now), but that's the best solution so far).
> 
> That's still  intrusive for the  general case (that  creates more
> dependencies to install before using bzr).
> 
>     jam> That seems like it works just based on having the
>     jam> 'proxytunnel' program installed locally, and configuring
>     jam> Apache to proxy requests through port 443.
> 
> I will try it.
> 

Right. It uses virtual hosts to detect whether you really want http or
ssh. However, the multiplexing mentioned earlier would not require that.

> 
> <snip/>
> 
>     jam> Martin is currently working on it. I know he has a
>     jam> branch here:
>     jam> http://people.ubuntu.com/~mbp/repo/bzr.mbp.ssh/
> 
> I'll have a look.
> 
>     jam> But I know he has been working for a while, and that
>     jam> hasn't been updated in a month.
> 
> Ok.
> 
> Thanks for your replies,
> 
>        Vincent
> 

John
=:->

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20060727/8176a6de/attachment.pgp

More information about the bazaar mailing list